Migration from EDE to ARC-AMPE Maintenance Controls

This white paper serves as a guide for Direct Enrollment Entities (DEEs) to transition their Enhanced Direct Enrollment (EDE) System Security and Privacy Plans (SSPPs) to the Acceptable Risk Controls for ACA, Medicaid, and Provider Entities (ARC-AMPE). It outlines the purpose of the migration, which is to upgrade security and privacy measures in compliance with the Affordable Care Act (ACA). The document details the framework of ARC-AMPE, which replaces the previous EDE guidelines, and specifies that the compliance date for DEEs is set for June 2026. The white paper also discusses the control mapping from EDE to ARC-AMPE, highlighting the increase in the number of required controls from 295 to 308. Additionally, it describes the Maintenance controls, emphasizing the importance of periodic maintenance on organizational information systems and the establishment of policies and procedures to ensure compliance with federal regulations. The document provides a structured approach to implementing these controls effectively.